Author: paul
Date: 2006-05-25 22:37:07 +0200 (Thu, 25 May 2006)
New Revision: 2205
Log:
r10053@polar: paul | 2006-05-25 14:39:15 -0500
Additional SSL material.
Modified:
trunk/
trunk/refman-4.1/database-administration.xml
trunk/refman-5.0/database-administration.xml
trunk/refman-5.1/database-administration.xml
trunk/refman-common/news-5.0.xml
trunk/refman-common/news-5.1.xml
Property changes on: trunk
___________________________________________________________________
Name: svk:merge
- 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:10052
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:10691
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:7517
+ 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:10053
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:10691
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:7517
Modified: trunk/refman-4.1/database-administration.xml
===================================================================
--- trunk/refman-4.1/database-administration.xml 2006-05-25 20:36:55 UTC (rev 2204)
+++ trunk/refman-4.1/database-administration.xml 2006-05-25 20:37:07 UTC (rev 2205)
@@ -17652,9 +17652,10 @@
</para>
<para>
- Secure connections are available through the C API. Replication
- uses this API, so secure connections can be used between master
- and slave servers.
+ Secure connections are based on the OpenSSL API and are
+ available through the MySQL C API. Replication uses the C API,
+ so secure connections can be used between master and slave
+ servers.
</para>
<section id="secure-basics">
@@ -17782,8 +17783,19 @@
<listitem>
<para>
+ To check whether a server binary is compiled with SSL
+ support, invoke it with the <option>--ssl</option> option.
+ An error will occur if the server does not support SSL:
+ </para>
+
+<programlisting>
+shell> <userinput>mysqld --ssl --help</userinput>
+060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
+</programlisting>
+
+ <para>
To check whether a running <command>mysqld</command>
- server supports OpenSSL, examine the value of the
+ server supports SSL, examine the value of the
<literal>have_openssl</literal> system variable:
</para>
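Review bot: the new listing under the <option>--ssl</option> check shows only the failing case, so a reader cannot tell what a binary with SSL support looks like. Add a sentence after the listing saying what to expect when the option is accepted. The timestamp `060525 14:18:52` in the sample could also be trimmed, since only the [ERROR] text matters.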
@@ -17821,14 +17833,15 @@
<listitem>
<para>
<option>--ssl-ca</option> identifies the Certificate
- Authority certificate.
+ Authority (CA) certificate.
</para>
</listitem>
<listitem>
<para>
- <option>--ssl-cert</option> identifies the server
- certificate.
+ <option>--ssl-cert</option> identifies the server public
+ key. This can be sent to the client and authenticated
+ against the CA certificate that it has.
</para>
</listitem>
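Review bot: the reworded <option>--ssl-cert</option> item calls the file a "public key", but the option names a certificate, which carries the public key together with the CA's signature; that signature is what lets the client check it against the CA certificate. Suggest "identifies the server public key certificate". In the next sentence, "the CA certificate that it has" is ambiguous; "that the client has" removes the doubt.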
@@ -17859,6 +17872,47 @@
</para>
<para>
+ A client can determine whether the current connection with the
+ server uses SSL by checking the value of the
+ <literal>Ssl_cipher</literal> status variable. The value of
+ <literal>Ssl_cipher</literal> is non-empty if SSL is used, and
+ empty otherwise. For example:
+ </para>
+
+<programlisting>
+mysql> <userinput>SHOW STATUS LIKE 'Ssl_cipher';</userinput>
++---------------+--------------------+
+| Variable_name | Value |
++---------------+--------------------+
+| Ssl_cipher | DHE-RSA-AES256-SHA |
++---------------+--------------------+
+</programlisting>
+
+ <para>
+ For the <command>mysql</command> client, you can use the
+ <literal>STATUS</literal> or <literal>\s</literal> command and
+ check the <literal>SSL</literal> line:
+ </para>
+
+<programlisting>
+mysql> <userinput>\s</userinput>
+...
+SSL: Not in use
+...
+</programlisting>
+
+ <para>
+ Or:
+ </para>
+
+<programlisting>
+mysql> <userinput>\s</userinput>
+...
+SSL: Cipher in use is DHE-RSA-AES256-SHA
+...
+</programlisting>
+
+ <para>
To establish a secure connection from within an application
program, use the <literal>mysql_ssl_set()</literal> C API
function to set the appropriate certificate options before
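Review bot: the two `\s` listings are separated only by "Or:", so the text never says which output means what. Introduce the first as the output when the connection is not using SSL and the second as the output when it is, rather than leaving the reader to infer it from `Not in use` and `Cipher in use is ...`.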
Modified: trunk/refman-5.0/database-administration.xml
===================================================================
--- trunk/refman-5.0/database-administration.xml 2006-05-25 20:36:55 UTC (rev 2204)
+++ trunk/refman-5.0/database-administration.xml 2006-05-25 20:37:07 UTC (rev 2205)
@@ -20448,9 +20448,10 @@
</para>
<para>
- Secure connections are available through the C API. Replication
- uses this API, so secure connections can be used between master
- and slave servers.
+ Secure connections are based on the OpenSSL API and are
+ available through the MySQL C API. Replication uses the C API,
+ so secure connections can be used between master and slave
+ servers.
</para>
<section id="secure-basics">
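Review bot: "based on the OpenSSL API" in the rewritten paragraph sits awkwardly with the news-5.0.xml entry added in this same revision, which says binary distributions with SSL support are built using yaSSL when possible. Either mention yaSSL here or word the sentence so it does not imply that the OpenSSL library is always what the server is built against.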
@@ -20629,8 +20630,19 @@
<listitem>
<para>
+ To check whether a server binary is compiled with SSL
+ support, invoke it with the <option>--ssl</option> option.
+ An error will occur if the server does not support SSL:
+ </para>
+
+<programlisting>
+shell> <userinput>mysqld --ssl --help</userinput>
+060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
+</programlisting>
+
+ <para>
To check whether a running <command>mysqld</command>
- server supports OpenSSL, examine the value of the
+ server supports SSL, examine the value of the
<literal>have_openssl</literal> system variable:
</para>
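Review bot: the second paragraph now says "supports SSL" but still points at `have_openssl`, and this revision's news-5.0.xml entry says binaries are built with yaSSL when possible. Add a sentence stating what `have_openssl` reports on a yaSSL build; otherwise the variable name invites readers to assume it covers OpenSSL builds only.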
@@ -20674,14 +20686,15 @@
<listitem>
<para>
<option>--ssl-ca</option> identifies the Certificate
- Authority certificate.
+ Authority (CA) certificate.
</para>
</listitem>
<listitem>
<para>
- <option>--ssl-cert</option> identifies the server
- certificate.
+ <option>--ssl-cert</option> identifies the server public
+ key. This can be sent to the client and authenticated
+ against the CA certificate that it has.
</para>
</listitem>
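Review bot: describing <option>--ssl-cert</option> as "the server public key" drops the word certificate, yet the <option>--ssl-verify-server-cert</option> entry in news-5.0.xml talks about the Common Name value in the server's certificate, which is the file this option supplies. Keep "certificate" in the description (for example "server public key certificate") so the two passages use the same term.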
@@ -20712,6 +20725,47 @@
</para>
<para>
+ A client can determine whether the current connection with the
+ server uses SSL by checking the value of the
+ <literal>Ssl_cipher</literal> status variable. The value of
+ <literal>Ssl_cipher</literal> is non-empty if SSL is used, and
+ empty otherwise. For example:
+ </para>
+
+<programlisting>
+mysql> <userinput>SHOW STATUS LIKE 'Ssl_cipher';</userinput>
++---------------+--------------------+
+| Variable_name | Value |
++---------------+--------------------+
+| Ssl_cipher | DHE-RSA-AES256-SHA |
++---------------+--------------------+
+</programlisting>
+
+ <para>
+ For the <command>mysql</command> client, you can use the
+ <literal>STATUS</literal> or <literal>\s</literal> command and
+ check the <literal>SSL</literal> line:
+ </para>
+
+<programlisting>
+mysql> <userinput>\s</userinput>
+...
+SSL: Not in use
+...
+</programlisting>
+
+ <para>
+ Or:
+ </para>
+
+<programlisting>
+mysql> <userinput>\s</userinput>
+...
+SSL: Cipher in use is DHE-RSA-AES256-SHA
+...
+</programlisting>
+
+ <para>
To establish a secure connection from within an application
program, use the <literal>mysql_ssl_set()</literal> C API
function to set the appropriate certificate options before
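Review bot: the new `Ssl_cipher` paragraph tells the client how to confirm that the session is encrypted, but a non-empty cipher says nothing about whether the server's identity was checked. Since news-5.0.xml documents <option>--ssl-verify-server-cert</option> for that purpose, add a cross-reference after the last listing so readers do not treat `Cipher in use` as proof that they reached the intended server.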
Modified: trunk/refman-5.1/database-administration.xml
===================================================================
--- trunk/refman-5.1/database-administration.xml 2006-05-25 20:36:55 UTC (rev 2204)
+++ trunk/refman-5.1/database-administration.xml 2006-05-25 20:37:07 UTC (rev 2205)
@@ -20528,9 +20528,10 @@
</para>
<para>
- Secure connections are available through the C API. Replication
- uses this API, so secure connections can be used between master
- and slave servers.
+ Secure connections are based on the OpenSSL API and are
+ available through the MySQL C API. Replication uses the C API,
+ so secure connections can be used between master and slave
+ servers.
</para>
<section id="secure-basics">
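Review bot: "Secure connections are based on the OpenSSL API" does not say whether "OpenSSL API" means the OpenSSL library or only its programming interface, and news-5.1.xml in this revision says SSL-enabled binaries are built using yaSSL when possible. State which is meant, so the paragraph and the news item do not appear to disagree.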
@@ -20721,8 +20722,19 @@
<listitem>
<para>
+ To check whether a server binary is compiled with SSL
+ support, invoke it with the <option>--ssl</option> option.
+ An error will occur if the server does not support SSL:
+ </para>
+
+<programlisting>
+shell> <userinput>mysqld --ssl --help</userinput>
+060525 14:18:52 [ERROR] mysqld: unknown option '--ssl'
+</programlisting>
+
+ <para>
To check whether a running <command>mysqld</command>
- server supports OpenSSL, examine the value of the
+ server supports SSL, examine the value of the
<literal>have_openssl</literal> system variable:
</para>
@@ -20766,14 +20778,15 @@
<listitem>
<para>
<option>--ssl-ca</option> identifies the Certificate
- Authority certificate.
+ Authority (CA) certificate.
</para>
</listitem>
<listitem>
<para>
- <option>--ssl-cert</option> identifies the server
- certificate.
+ <option>--ssl-cert</option> identifies the server public
+ key. This can be sent to the client and authenticated
+ against the CA certificate that it has.
</para>
</listitem>
@@ -20804,6 +20817,47 @@
</para>
<para>
+ A client can determine whether the current connection with the
+ server uses SSL by checking the value of the
+ <literal>Ssl_cipher</literal> status variable. The value of
+ <literal>Ssl_cipher</literal> is non-empty if SSL is used, and
+ empty otherwise. For example:
+ </para>
+
+<programlisting>
+mysql> <userinput>SHOW STATUS LIKE 'Ssl_cipher';</userinput>
++---------------+--------------------+
+| Variable_name | Value |
++---------------+--------------------+
+| Ssl_cipher | DHE-RSA-AES256-SHA |
++---------------+--------------------+
+</programlisting>
+
+ <para>
+ For the <command>mysql</command> client, you can use the
+ <literal>STATUS</literal> or <literal>\s</literal> command and
+ check the <literal>SSL</literal> line:
+ </para>
+
+<programlisting>
+mysql> <userinput>\s</userinput>
+...
+SSL: Not in use
+...
+</programlisting>
+
+ <para>
+ Or:
+ </para>
+
+<programlisting>
+mysql> <userinput>\s</userinput>
+...
+SSL: Cipher in use is DHE-RSA-AES256-SHA
+...
+</programlisting>
+
+ <para>
To establish a secure connection from within an application
program, use the <literal>mysql_ssl_set()</literal> C API
function to set the appropriate certificate options before
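Review bot: the `SHOW STATUS LIKE 'Ssl_cipher'` listing shows only the non-empty case, while the `\s` example that follows shows both outcomes. Add the empty-value result as well, or say explicitly that the Value column is blank on an unencrypted connection, so both checks are documented to the same depth.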
Modified: trunk/refman-common/news-5.0.xml
===================================================================
--- trunk/refman-common/news-5.0.xml 2006-05-25 20:36:55 UTC (rev 2204)
+++ trunk/refman-common/news-5.0.xml 2006-05-25 20:37:07 UTC (rev 2205)
@@ -205,6 +205,13 @@
<listitem>
<para>
+ Binary distributions that include SSL support now are built
+ using yaSSL when possible.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
Added the <option>--ssl-verify-server-cert</option> option to
MySQL client programs. This option causes the server's Common
Name value in its certificate to be verified against the
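Review bot: "now are built using yaSSL when possible" leaves the reader guessing which platforms or packages fall under "when possible" and what is used otherwise. State the condition, or at least say how to tell which library a given binary uses; "are now built" is also the more natural word order.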
Modified: trunk/refman-common/news-5.1.xml
===================================================================
--- trunk/refman-common/news-5.1.xml 2006-05-25 20:36:55 UTC (rev 2204)
+++ trunk/refman-common/news-5.1.xml 2006-05-25 20:37:07 UTC (rev 2205)
@@ -583,6 +583,13 @@
<listitem>
<para>
+ Binary distributions that include SSL support now are built
+ using yaSSL when possible.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
The
<literal>MySQL-shared-compat-5.1.<replaceable>X</replaceable>-.i386.rpm</literal>
shared compatibility RPMs no longer contain libraries for
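Review bot: the new yaSSL item carries no link to the secure-connections text that this revision also updates in refman-5.1/database-administration.xml. An xref from the item would point readers to where the SSL options and the checks for SSL support are described.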